Using Good Passwords

The need for good passwords

"Why, oh why, do I need a good password?" you may ask. I may ask you "why, oh why, do you use security keys on your front door?" The principle is the same: easy passwords are like old-style keys: easy to hack. People with malicious intent, also called black hat hackers or crackers, use automated systems to gain access to your computer, your password-protected files, your wireless network or the web sites you visit. Most of these systems are based on lists of passwords, called rainbow tables. The less complex your password is, the sooner it will be found in the list. These lists contain millions and millions of entries and are usually several gigabytes in size. The more common passwords like 123456 and Passw0rd are at the top and are found super fast. 123456 is the most used password in Hotmail. How did somebody find out? They hacked thousands and thousands of Hotmail addresses and made a list of the most commonly used passwords. More info can be found here.

Why people don't use good passwords

So why don't you use a strong password? What keeps you from doing it? Most people will say they can't remember a long or difficult password. But you can remember phone numbers, addresses, birthdays, account numbers, even complete poems. What's the problem then?

Most people think good passwords have to be random sequences of characters like a4h9lpZ. Although this is a decent password, it's far from a strong one. Can you remember such a password easily? Can you remember one for every web site you register at? For your banking? For your network?

No, of course you can't.

Randomly ordered characters are not easy to remember. The human brain is not capable of doing this (exceptions aside). But maybe you don't have to remember them all.

What's a good password?

A good password is a combination of characters from several types:

  • Lower case letters
  • Upper case letters
  • Numbers
  • Punctuation like .,';][_)(%$@*
  • Upper ASCII characters that you cannot type easily (not always usable)

These characters need to be combined in a minimum length. I'll explain this length in a minute.

Let's do some basic calculations first.

The number of combinations that can be made from a certain group of characters is calculated by taking the number of possible characters and raising it to the power of the number of characters in the string. Using just digits in a three-character string we can go from 000 to 999, or ten raised to the power of three. Got it?

Now if we compare two very simple examples we will make an interesting conclusion. Let's compare a two character string using lower case and upper case letters with a three character string using only lower case letters. Which one will give you more possible combinations?

Lower case letters give 26 possibilities, upper case letters are another 26 possibilities, giving 52 in total. With a two-character string, this gives us 2704 possible passwords (52^2).

Using only lower case letters, but with a three-character string, we get 17576 possible passwords (26^3).

Surprised?

The conclusion is that a longer string gives you a lot more combinations, even with a smaller set of characters to choose from. In other words: we don't really need all those fancy, difficult-to-remember combinations. We need length first, so let's just create some sentences instead of just words. I like to call these pass phrases instead of passwords.
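To make the calculation above concrete, here is an added Python example (not code from the original article) that works out the number of possible strings for any password from the character classes it uses and its length, and compares the article's two examples with a short mixed password and one of its pass phrases. The class sizes are ASCII counts; the 128 used for upper-ASCII is my assumption.

```python
# Added example, not code from the original article: the combinations
# calculation the text walks through, applied to whole passwords.
import string
from math import log2

# Size of each character class the article lists. The upper-ASCII size (128,
# code points 128-255) is an assumption; the others are exact for ASCII.
CLASS_SIZES = {
    "lower": 26,
    "upper": 26,
    "digits": 10,
    "punctuation": len(string.punctuation),  # 32 symbols such as .,';][_)(%$@*
    "space": 1,
    "upper_ascii": 128,
}

def classes_used(password):
    """Return the set of character classes that appear in the password."""
    used = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.digits:
            used.add("digits")
        elif ch in string.punctuation:
            used.add("punctuation")
        elif ch == " ":
            used.add("space")
        else:
            used.add("upper_ascii")
    return used

def keyspace_of(password):
    """Possible strings of the same length drawn from the same classes:
    (sum of the class sizes) raised to the power of the length."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(password))
    return alphabet ** len(password)

def entropy_bits(password):
    """The same keyspace expressed in bits, handier for comparing sizes."""
    return log2(keyspace_of(password))

if __name__ == "__main__":
    # The article's two examples, then an 8-character mixed password
    # against a 16-character pass phrase from the article's list.
    for pw in ["aB", "abc", "a4h9lpZ!", "2 Be or Not 2 Be"]:
        print(f"{pw!r:20} {len(pw):2} chars  "
              f"{keyspace_of(pw):.3e} strings  {entropy_bits(pw):5.1f} bits")
```

The 16-character pass phrase, built from letters, digits and spaces only, has more than ten trillion times as many possible strings as the 8-character password that uses every class.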

This does not mean you should only use lower case letters though. Use at least eight characters with lower case letters, upper case letters, numbers and at least one space. Add at least one special character if you have the inspiration.

  • Eight characters minimal
  • Lower case letters
  • Upper case letters
  • Space(s)
  • Special character(s) if possible

Some example passwords

  • 2 Be or Not 2 Be
  • I have 1 computer
  • My mom is the best cook in the world!
  • Hello, how are you?
  • My name is NOT Ernie!
  • 1 plus 1 = Two

Don't even dare to say you would not be able to remember these pass phrases!

I'm sure you can come up with some more interesting ones that mean more to you.

One final tip: do not replace A with @ or 4, O with 0, or E with 3. The password-guessing applications use these replacements too.

What NOT to do

Do not use passwords that are easy to predict based on your person, on who you are. Don't use your name, date of birth, place of birth, name of your partner, name of your dog. Don't use any word that can be directly linked to you. Hackers know how to do research too.

Never, ever write down your password. A good password is not only strong, but also easy to remember. This means it's also easy for other people to remember. If you write it down, other people might see it and use it. When you don't know someone, always ask yourself "do I have a reason to trust this person?", not "I have no reason not to trust him/her". If you are willing to give someone the key to your house and access to your bank accounts, then of course you can give them your passwords too.

Some tricks to get good passwords

If you want to make sure you will not pass on your password, make it as dirty and disgusting as you can.

You can use a base password and add some extra characters based on the site you are using the password on. You can for example add the first four odd-numbered characters of the site's name, e.g. Fcbo for Facebook. This makes it easy to remember unique passwords for specific sites.

Use dialect words or misspelled words. It is a lot less likely these words will be in the dictionaries, so they will not be found.

Test your password using this basic password strength checker. Take into account that this checker only checks the number of possible combinations, not the possibility of it being relevant to the user or being on the top password lists.
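As an added example (not the linked checker, nor code from the article), here is a small checker that applies the rules from this page and also catches the two things the text says a combinations-only checker misses: the @/4/0/3 substitutions and membership in a top-passwords list, plus words tied to the user. The common-password set is a constructed stand-in for a real leaked list.

```python
# Added example, not code from the original article: a checker that
# applies the article's rules (length, classes, a space) and then undoes
# the @/4/0/3 swaps before comparing against a top-passwords list.
import string

# Constructed stand-in for a leaked top-passwords list; real ones hold millions.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}

# The substitutions the article says not to rely on, mapped back to letters.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e"})

def normalize(password):
    """Undo the symbol-for-letter swaps and lower-case the result, so that
    P@ssw0rd compares equal to password."""
    return password.translate(LEET_MAP).lower()

def check_password(password, personal_words=()):
    """Return a list of problems; an empty list means the password passes.
    personal_words holds words linked to the user (name, pet, birthplace)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("no lower case letters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no upper case letters")
    if " " not in password:
        problems.append("no space (not a pass phrase)")
    plain = normalize(password)
    if password.lower() in COMMON_PASSWORDS or plain in COMMON_PASSWORDS:
        problems.append("matches a top-password entry after undoing substitutions")
    for word in personal_words:
        if word.lower() in plain:
            problems.append(f"contains personal word {word!r}")
    return problems

if __name__ == "__main__":
    for pw in ["123456", "Passw0rd", "2 Be or Not 2 Be", "My name is NOT Ernie!"]:
        print(f"{pw!r}: {check_password(pw, personal_words=('Ernie',)) or 'ok'}")
```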

Let's move on

Now that you know how to create good passwords, make up at least one, preferably two. Do not write them down! You should not have to, as a good password is easy to remember. Got the passwords ready? Let's start by installing KeePass and using one of them.